Merge remote-tracking branch 'upstream/master'

Author: mtrezza

.babelrc

@@ -7,7 +7,8 @@
         ["@babel/preset-env", {
             "targets": {
                 "node": "12"
-            }
+            },
+            "exclude": ["proposal-dynamic-import"]
         }]
     ],
     "sourceMaps": "inline"

.github/workflows/ci.yml

@@ -17,7 +17,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.NODE_VERSION }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.node-version }}
       - name: Cache Node.js modules
@@ -29,8 +29,10 @@ jobs:
             ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-
       - name: Install dependencies
         run: npm ci
-      - name: CI Self-Check
+      - name: CI Environments Check
         run: npm run ci:check
+      - name: CI Node Engine Check
+        run: npm run ci:checkNodeEngine
   check-changelog:
     name: Changelog
     timeout-minutes: 5
@@ -45,7 +47,7 @@ jobs:
      steps:
        - uses: actions/checkout@v2
        - name: Use Node.js ${{ matrix.NODE_VERSION }}
-         uses: actions/setup-node@v1
+         uses: actions/setup-node@v2
          with:
            node-version: ${{ matrix.node-version }}
        - name: Cache Node.js modules
@@ -65,7 +67,7 @@ jobs:
      steps:
        - uses: actions/checkout@v2
        - name: Use Node.js ${{ matrix.NODE_VERSION }}
-         uses: actions/setup-node@v1
+         uses: actions/setup-node@v2
          with:
            node-version: ${{ matrix.node-version }}
        - name: Cache Node.js modules
@@ -111,17 +113,17 @@ jobs:
             MONGODB_STORAGE_ENGINE: wiredTiger
             NODE_VERSION: 14.17.6
           - name: MongoDB 4.2, ReplicaSet, WiredTiger
-            MONGODB_VERSION: 4.2.15
+            MONGODB_VERSION: 4.2.16
             MONGODB_TOPOLOGY: replicaset
             MONGODB_STORAGE_ENGINE: wiredTiger
             NODE_VERSION: 14.17.6
           - name: MongoDB 4.0, ReplicaSet, WiredTiger
-            MONGODB_VERSION: 4.0.25
+            MONGODB_VERSION: 4.0.27
             MONGODB_TOPOLOGY: replicaset
             MONGODB_STORAGE_ENGINE: wiredTiger
             NODE_VERSION: 14.17.6
           - name: MongoDB 4.0, Standalone, MMAPv1
-            MONGODB_VERSION: 4.0.25
+            MONGODB_VERSION: 4.0.27
             MONGODB_TOPOLOGY: standalone
             MONGODB_STORAGE_ENGINE: mmapv1
             NODE_VERSION: 14.17.6
@@ -159,7 +161,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.NODE_VERSION }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.NODE_VERSION }}
       - name: Cache Node.js modules
@@ -219,7 +221,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.NODE_VERSION }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.NODE_VERSION }}
       - name: Cache Node.js modules

CHANGELOG.md

@@ -104,6 +104,7 @@ ___
 - Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) [#7314](https://github.com/parse-community/parse-server/pull/7314)
 - Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#7324](https://github.com/parse-community/parse-server/pull/7324)
 - Remove Session field `restricted`; the field was a code artifact from a feature that never existed in Open Source Parse Server; if you have been using this field for custom purposes, consider that for new Parse Server installations the field does not exist anymore in the schema, and for existing installations the field default value `false` will not be set anymore when creating a new session (Manuel Trezza) [#7543](https://github.com/parse-community/parse-server/pull/7543)
+- ci: add node engine version check (Manuel Trezza) [#7574](https://github.com/parse-community/parse-server/pull/7574)
 
 ### Notable Changes
 - Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247)
@@ -151,6 +152,7 @@ ___
 - Refactor: uniform issue templates across repos (Manuel Trezza) [#7528](https://github.com/parse-community/parse-server/pull/7528)
 - ci: bump ci environment (Manuel Trezza) [#7539](https://github.com/parse-community/parse-server/pull/7539)
 - CI now pushes docker images to Docker Hub (Corey Baker) [#7548](https://github.com/parse-community/parse-server/pull/7548)
+- Allow cloud string for ES modules (Daniel Blyth) [#7560](https://github.com/parse-community/parse-server/pull/7560)
 - docs: Introduce deprecation ID for reference in comments and online search (Manuel Trezza) [#7562](https://github.com/parse-community/parse-server/pull/7562)
 
 ## 4.10.3
@@ -178,15 +180,15 @@ ___
 
 *Versions >4.5.2 and <4.10.0 are skipped.*
 
-> ⚠️ A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse Platform. Even though no releases were published with these incorrect versions, it was possible to define a Parse Server dependency that pointed to these version tags, for example if you defined this dependency: 
+> ⚠️ A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse Platform. Even though no releases were published with these incorrect versions, it was possible to define a Parse Server dependency that pointed to these version tags, for example if you defined this dependency:
 > ```js
 > "parse-server": "[email protected]:parse-community/parse-server.git#4.9.3"
 > ```
-> 
+>
 > We have since deleted the incorrect version tags, but they may still show up if your personal fork on GitHub or locally. We do not know when these tags have been pushed to the Parse Server repository, but we first became aware of this issue on July 21, 2021. We are not aware of any malicious code or concerns related to privacy, security or legality (e.g. proprietary code). However, it has been reported that some functionality does not work as expected and the introduction of security vulnerabilities cannot be ruled out.
 >
-> You may be also affected if you used the Bitnami image for Parse Server. Bitnami picked up the incorrect version tag `4.9.3` and published a new Bitnami image for Parse Server. 
-> 
+> You may be also affected if you used the Bitnami image for Parse Server. Bitnami picked up the incorrect version tag `4.9.3` and published a new Bitnami image for Parse Server.
+>
 >**If you are using any of the affected versions, we urgently recommend to upgrade to version `4.10.0`.**
 
 ## 4.5.2

README.md

@@ -123,8 +123,8 @@ Parse Server is continuously tested with the most recent releases of MongoDB to
 
 | Version     | Latest Version | End-of-Life Date | Compatibility      |
 |-------------|----------------|------------------|--------------------|
-| MongoDB 4.0 | 4.0.25         | April 2022       | ✅ Fully compatible |
-| MongoDB 4.2 | 4.2.15         | TBD              | ✅ Fully compatible |
+| MongoDB 4.0 | 4.0.27         | April 2022       | ✅ Fully compatible |
+| MongoDB 4.2 | 4.2.16         | TBD              | ✅ Fully compatible |
 | MongoDB 4.4 | 4.4.8          | TBD              | ✅ Fully compatible |
 | MongoDB 5.0 | 5.0.2          | January 2024     | ✅ Fully compatible |
 

resources/ci/CiVersionCheck.js renamed to ci/CiVersionCheck.js

@@ -0,0 +1,190 @@
+const core = require('@actions/core');
+const semver = require('semver');
+const fs = require('fs').promises;
+const path = require('path');
+
+/**
+ * This checks whether any package dependency requires a minimum node engine
+ * version higher than the host package.
+ */
+class NodeEngineCheck {
+
+  /**
+   * The constructor.
+   * @param {Object} config The config.
+   * @param {String} config.nodeModulesPath The path to the node_modules directory.
+   * @param {String} config.packageJsonPath The path to the parent package.json file.
+   */
+  constructor(config) {
+    const {
+      nodeModulesPath,
+      packageJsonPath,
+    } = config;
+
+    // Ensure required params are set
+    if ([
+      nodeModulesPath,
+      packageJsonPath,
+    ].includes(undefined)) {
+      throw 'invalid configuration';
+    }
+
+    this.nodeModulesPath = nodeModulesPath;
+    this.packageJsonPath = packageJsonPath;
+  }
+
+  /**
+   * Returns an array of `package.json` files under the given path and subdirectories.
+   * @param {String} [basePath] The base path for recursive directory search.
+   */
+  async getPackageFiles(basePath = this.nodeModulesPath) {
+    try {
+      // Declare file list
+      const files = []
+
+      // Get files
+      const dirents = await fs.readdir(basePath, { withFileTypes: true });
+      const validFiles = dirents.filter(d => d.name.toLowerCase() == 'package.json').map(d => path.join(basePath, d.name));
+      files.push(...validFiles);
+
+      // For each directory entry
+      for (const dirent of dirents) {
+        if (dirent.isDirectory()) {
+          const subFiles = await this.getPackageFiles(path.join(basePath, dirent.name));
+          files.push(...subFiles);
+        }
+      }
+      return files;
+    } catch (e) {
+      throw `Failed to get package.json files in ${this.nodeModulesPath} with error: ${e}`;
+    }
+  }
+
+  /**
+   * Extracts and returns the node engine versions of the given package.json
+   * files.
+   * @param {String[]} files The package.json files.
+   * @param {Boolean} clean Is true if packages with undefined node versions
+   * should be removed from the results.
+   * @returns {Object[]} A list of results.
+   */
+  async getNodeVersion({ files, clean = false }) {
+
+    // Declare response
+    let response = [];
+
+    // For each file
+    for (const file of files) {
+
+      // Get node version
+      const contentString = await fs.readFile(file, 'utf-8');
+      const contentJson = JSON.parse(contentString);
+      const version = ((contentJson || {}).engines || {}).node;
+
+      // Add response
+      response.push({
+        file: file,
+        nodeVersion: version
+      });
+    }
+
+    // If results should be cleaned by removing undefined node versions
+    if (clean) {
+      response = response.filter(r => r.nodeVersion !== undefined);
+    }
+    return response;
+  }
+
+  /**
+   * Returns the highest semver definition that satisfies all versions
+   * in the given list.
+   * @param {String[]} versions The list of semver version ranges.
+   * @param {String} baseVersion The base version of which higher versions should be
+   * determined; as a version (1.2.3), not a range (>=1.2.3).
+   * @returns {String} The highest semver version.
+   */
+  getHigherVersions({ versions, baseVersion }) {
+    // Add min satisfying node versions
+    const minVersions = versions.map(v => {
+      v.nodeMinVersion = semver.minVersion(v.nodeVersion)
+      return v;
+    });
+
+    // Sort by min version
+    const sortedMinVersions = minVersions.sort((v1, v2) => semver.compare(v1.nodeMinVersion, v2.nodeMinVersion));
+
+    // Filter by higher versions
+    const higherVersions = sortedMinVersions.filter(v => semver.gt(v.nodeMinVersion, baseVersion));
+    // console.log(`getHigherVersions: ${JSON.stringify(higherVersions)}`);
+    return higherVersions;
+  }
+
+  /**
+ * Returns the node version of the parent package.
+ * @return {Object} The parent package info.
+ */
+  async getParentVersion() {
+    // Get parent package.json version
+    const version = await this.getNodeVersion({ files: [ this.packageJsonPath ], clean: true });
+    // console.log(`getParentVersion: ${JSON.stringify(version)}`);
+    return version[0];
+  }
+}
+
+async function check() {
+  // Define paths
+  const nodeModulesPath = path.join(__dirname, '../node_modules');
+  const packageJsonPath = path.join(__dirname, '../package.json');
+
+  // Create check
+  const check = new NodeEngineCheck({
+    nodeModulesPath,
+    packageJsonPath,
+  });
+
+  // Get package node version of parent package
+  const parentVersion = await check.getParentVersion();
+
+  // If parent node version could not be determined
+  if (parentVersion === undefined) {
+    core.setFailed(`Failed to determine node engine version of parent package at ${this.packageJsonPath}`);
+    return;
+  }
+
+  // Determine parent min version
+  const parentMinVersion = semver.minVersion(parentVersion.nodeVersion);
+
+  // Get package.json files
+  const files = await check.getPackageFiles();
+  core.info(`Checking the minimum node version requirement of ${files.length} dependencies`);
+
+  // Get node versions
+  const versions = await check.getNodeVersion({ files, clean: true });
+
+  // Get are dependencies that require a higher node version than the parent package
+  const higherVersions = check.getHigherVersions({ versions, baseVersion: parentMinVersion });
+
+  // Get highest version
+  const highestVersion = higherVersions.map(v => v.nodeMinVersion).pop();
+
+  // If there are higher versions
+  if (higherVersions.length > 0) {
+    console.log(`\nThere are ${higherVersions.length} dependencies that require a higher node engine version than the parent package (${parentVersion.nodeVersion}):`);
+
+    // For each dependency
+    for (const higherVersion of higherVersions) {
+
+      // Get package name
+      const _package = higherVersion.file.split('node_modules/').pop().replace('/package.json', '');
+      console.log(`- ${_package} requires at least node ${higherVersion.nodeMinVersion} (${higherVersion.nodeVersion})`);
+    }
+    console.log('');
+    core.setFailed(`❌ Upgrade the node engine version in package.json to at least '${highestVersion}' to satisfy the dependencies.`);
+    console.log('');
+    return;
+  }
+
+  console.log(`✅ All dependencies satisfy the node version requirement of the parent package (${parentVersion.nodeVersion}).`);
+}
+
+check();